Details of VAR-201912-0115

ID

VAR-201912-0115

CVE

CVE-2019-8801

TITLE

apple's iTunes and Apple Mac OS X Untrusted search path vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2019-016918

DESCRIPTION

A dynamic library loading issue existed in iTunes setup. This was addressed with improved path searching. This issue is fixed in macOS Catalina 10.15.1, iTunes for Windows 12.10.2. Running the iTunes installer in an untrusted directory may result in arbitrary code execution. apple's iTunes and Apple Mac OS X Exists in an untrusted search path vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apple iTunes for Windows is a media player application based on the Windows platform. Apple macOS Catalina is a dedicated operating system developed for Mac computers. An attacker could exploit this vulnerability to execute arbitrary code. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-10-29-2 macOS Catalina 10.15.1, Security Update 2019-001 Mojave, Security Update 2019-006 High Sierra macOS Catalina 10.15.1, Security Update 2019-001 Mojave, Security Update 2019-006 High Sierra are now available and address the following: Accounts Available for: macOS Catalina 10.15 Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8787: Steffen Klee of Secure Mobile Networking Lab at Technische Universität Darmstadt App Store Available for: macOS Catalina 10.15 Impact: A local attacker may be able to login to the account of a previously logged in user without valid credentials. Description: An authentication issue was addressed with improved state management. CVE-2019-8803: Kiyeon An, 차민규 (CHA Minkyu) AppleGraphicsControl Available for: macOS Catalina 10.15 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2019-8817: Arash Tohidi AppleGraphicsControl Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8716: Zhiyi Zhang of Codesafe Team of Legendsec at Qi'anxin Group, Zhuo Liang of Qihoo 360 Vulcan Team Associated Domains Available for: macOS Catalina 10.15 Impact: Improper URL processing may lead to data exfiltration Description: An issue existed in the parsing of URLs. CVE-2019-8788: Juha Lindstedt of Pakastin, Mirko Tanania, Rauli Rikama of Zero Keyboard Ltd Audio Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-8706: Yu Zhou of Ant-financial Light-Year Security Lab Audio Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8785: Ian Beer of Google Project Zero CVE-2019-8797: 08Tc3wBB working with SSD Secure Disclosure Books Available for: macOS Catalina 10.15 Impact: Parsing a maliciously crafted iBooks file may lead to disclosure of user information Description: A validation issue existed in the handling of symlinks. CVE-2019-8789: Gertjan Franken of imec-DistriNet, KU Leuven Contacts Available for: macOS Catalina 10.15 Impact: Processing a maliciously contact may lead to UI spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2017-7152: Oliver Paukstadt of Thinking Objects GmbH (to.com) CUPS Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An input validation issue was addressed with improved input validation. CVE-2019-8736: Pawel Gocyla of ING Tech Poland (ingtechpoland.com) CUPS Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: Processing a maliciously crafted string may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2019-8767: Stephen Zeisberg CUPS Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2019-8737: Pawel Gocyla of ING Tech Poland (ingtechpoland.com) File Quarantine Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: A malicious application may be able to elevate privileges Description: This issue was addressed by removing the vulnerable code. CVE-2019-8509: CodeColorist of Ant-Financial LightYear Labs File System Events Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8798: ABC Research s.r.o. working with Trend Micro's Zero Day Initiative Graphics Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: Processing a malicious shader may result in unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2018-12152: Piotr Bania of Cisco Talos CVE-2018-12153: Piotr Bania of Cisco Talos CVE-2018-12154: Piotr Bania of Cisco Talos Graphics Driver Available for: macOS Catalina 10.15 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8784: Vasiliy Vasilyev and Ilya Finogeev of Webinar, LLC Intel Graphics Driver Available for: macOS Catalina 10.15 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8807: Yu Wang of Didi Research America IOGraphics Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8801: Hou JingYi (@hjy79425575) of Qihoo 360 CERT Kernel Available for: macOS Catalina 10.15 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2019-8794: 08Tc3wBB working with SSD Secure Disclosure Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8786: an anonymous researcher Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: A malicious application may be able to determine kernel memory layout Description: A memory corruption issue existed in the handling of IPv6 packets. CVE-2019-8744: Zhuo Liang of Qihoo 360 Vulcan Team libxml2 Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: Multiple issues in libxml2 Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2019-8749: found by OSS-Fuzz CVE-2019-8756: found by OSS-Fuzz libxslt Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: Multiple issues in libxslt Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2019-8750: found by OSS-Fuzz manpages Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15 Impact: A malicious application may be able to gain root privileges Description: A validation issue was addressed with improved logic. CVE-2019-8802: Csaba Fitzl (@theevilbit) PluginKit Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: A local user may be able to check for the existence of arbitrary files Description: A logic issue was addressed with improved restrictions. CVE-2019-8708: an anonymous researcher PluginKit Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8715: an anonymous researcher SystemExtensions Available for: macOS Catalina 10.15 Impact: An application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the entitlement verification. CVE-2019-8805: Scott Knight (@sdotknight) of VMware Carbon Black TAU UIFoundation Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: Parsing a maliciously crafted text file may lead to disclosure of user information Description: This issue was addressed with improved checks. CVE-2019-8761: Renee Trisberg of SpectX Additional recognition CFNetwork We would like to acknowledge Lily Chen of Google for their assistance. Kernel We would like to acknowledge Brandon Azad of Google Project Zero and Jann Horn of Google Project Zero for their assistance. libresolv We would like to acknowledge enh at Google for their assistance. Postfix We would like to acknowledge Chris Barker of Puppet for their assistance. Profiles We would like to acknowledge Csaba Fitzl (@theevilbit) for their assistance. python We would like to acknowledge an anonymous researcher for their assistance. VPN We would like to acknowledge Royce Gawron of Second Son Consulting, Inc. for their assistance. Installation note: macOS Catalina 10.15.1, Security Update 2019-001 Mojave, Security Update 2019-006 High Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl24p5UpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQBz4uGe3y0M3T5w/+ MA0oNNn6fPlkGiHHzMisKLkseGIltXgSc1v01C32qZpWoCmIzxXoDN1DZ0UC1nkh fAzFMvj25wEj14L7ZXOOqaLFgf+e3ZGzius71wru92h1oaYMkspO1A0I6jPOXUU0 EtZfy6RECv7Ees4Zvj5EWXO0Xqpk2fVyEN4f/sGLtlHRkv1Do9ge6pX3JyXynF+f M0jSntJYBFMuzIX2LZFdbTgtcNhsVMhUlztz3SKbA+JF6IxertPSp9mOxaEtGnYj LgvSy9EVn98XBRt7rS8zrXCBi1OrTV21RE2HY+Twv+8lSSMRsjo6+KW7sPYd3KDy esY0zfIkZ1VSSw/sb0kBalkl/rjLeBkSsBlLiA9uWEvkH9uDNVuo4WzDIN6a89hs Zb2Aj4VjlLlKRKXRmLmpq7TkUQTVxWNMUdHttHUa/k0ODWviH/CbCKhrv0GKB9+X EOXG65J+qCzq07MPgQG/JWCFbpVVOqQyXOuKCwrDl1LIb15WMxy8vFApEcJAsrvB Z9if9NDnJxTWo9gQUcrZHrFm/humsTc+YSPSDovfIEYwbx99LkOWdnK5kiTqodxW SMQyXhAWeZqL8zzxkFjXnodsnmVXvldFVMHjqPdXuXnn6ythU4UPedklPC50bH9G Ofniqz3XXmySfVDFNFyfODEsvnoTxmGiUyJzAxAM+JM= =fvfR -----END PGP SIGNATURE-----

Trust: 1.8

sources: NVD: CVE-2019-8801 // JVNDB: JVNDB-2019-016918 // VULHUB: VHN-160236 // PACKETSTORM: 155067

AFFECTED PRODUCTS

vendor:	apple	model:	itunes	scope:	lt	version:	12.10.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.15.1	Trust: 1.0
vendor:	アップル	model:	apple mac os x	scope:	eq	version:	10.15.1	Trust: 0.8
vendor:	アップル	model:	itunes	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-016918 // NVD: CVE-2019-8801

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-8801
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-8801
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201910-1746
value:	HIGH
Trust: 0.6
VULHUB:	VHN-160236
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-8801
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-160236
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-8801
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-8801
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-160236 // JVNDB: JVNDB-2019-016918 // CNNVD: CNNVD-201910-1746 // NVD: CVE-2019-8801

PROBLEMTYPE DATA

problemtype:	CWE-426	Trust: 1.1
problemtype:	Untrusted search path (CWE-426) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-160236 // JVNDB: JVNDB-2019-016918 // NVD: CVE-2019-8801

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201910-1746

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201910-1746

PATCH

title:	HT210722 Apple Security update	url:	https://support.apple.com/en-us/HT210722	Trust: 0.8
title:	Apple macOS Catalina and Apple iTunes for Windows Fixes for code issue vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106070	Trust: 0.6

sources: JVNDB: JVNDB-2019-016918 // CNNVD: CNNVD-201910-1746

EXTERNAL IDS

db:	NVD	id:	CVE-2019-8801	Trust: 3.4
db:	JVNDB	id:	JVNDB-2019-016918	Trust: 0.8
db:	CNNVD	id:	CNNVD-201910-1746	Trust: 0.7
db:	PACKETSTORM	id:	155067	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.4010	Trust: 0.6
db:	VULHUB	id:	VHN-160236	Trust: 0.1

sources: VULHUB: VHN-160236 // JVNDB: JVNDB-2019-016918 // PACKETSTORM: 155067 // CNNVD: CNNVD-201910-1746 // NVD: CVE-2019-8801

REFERENCES

url:	https://support.apple.com/ht210722	Trust: 1.7
url:	https://support.apple.com/ht210726	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8801	Trust: 1.5
url:	https://support.apple.com/en-au/ht201222	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-30747	Trust: 0.6
url:	https://support.apple.com/en-us/ht210726	Trust: 0.6
url:	https://packetstormsecurity.com/files/155067/apple-security-advisory-2019-10-29-2.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4010/	Trust: 0.6
url:	https://support.apple.com/en-us/ht210722	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8784	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8789	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8788	Trust: 0.1
url:	https://support.apple.com/kb/ht201222	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8706	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8767	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7152	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8744	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8716	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8736	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8750	Trust: 0.1
url:	https://support.apple.com/downloads/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8708	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8786	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8509	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8756	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12153	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8737	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8787	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8749	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8794	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8798	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12154	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8797	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8785	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8759	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8715	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12152	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8761	Trust: 0.1

sources: VULHUB: VHN-160236 // JVNDB: JVNDB-2019-016918 // PACKETSTORM: 155067 // CNNVD: CNNVD-201910-1746 // NVD: CVE-2019-8801

CREDITS

Apple

Trust: 0.7

sources: PACKETSTORM: 155067 // CNNVD: CNNVD-201910-1746

SOURCES

db:	VULHUB	id:	VHN-160236
db:	JVNDB	id:	JVNDB-2019-016918
db:	PACKETSTORM	id:	155067
db:	CNNVD	id:	CNNVD-201910-1746
db:	NVD	id:	CVE-2019-8801

LAST UPDATE DATE

2024-08-14T12:48:27.872000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-160236	date:	2019-12-30T00:00:00
db:	JVNDB	id:	JVNDB-2019-016918	date:	2024-07-23T05:07:00
db:	CNNVD	id:	CNNVD-201910-1746	date:	2021-11-03T00:00:00
db:	NVD	id:	CVE-2019-8801	date:	2019-12-30T21:20:37.127

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-160236	date:	2019-12-18T00:00:00
db:	JVNDB	id:	JVNDB-2019-016918	date:	2024-07-23T00:00:00
db:	PACKETSTORM	id:	155067	date:	2019-11-01T17:11:03
db:	CNNVD	id:	CNNVD-201910-1746	date:	2019-10-30T00:00:00
db:	NVD	id:	CVE-2019-8801	date:	2019-12-18T18:15:42.663